From d90eb8132961aa481b94e63246a0ed23fc36d182 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Fri, 5 Jan 2018 23:47:45 +0100
Subject: use a more standard approach to disable security for cdrom method

It is sad that we can't wrap the cdrom method tighter at the moment, but
due to its ability to mount drives into arbitrary places via an external
suid binary we can't really do a lot better at the moment.

What we can do is set the options in the configuration space through as
it is standard in the other methods instead of doing it in main() which
is assumed to be more boilerplatey than actually doing something.

Gbp-Dch: Ignore
---
 methods/cdrom.cc | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'methods')

diff --git a/methods/cdrom.cc b/methods/cdrom.cc
index 8b7587fe5..3900e3e64 100644
--- a/methods/cdrom.cc
+++ b/methods/cdrom.cc
@@ -46,7 +46,8 @@ class CDROMMethod : public aptMethod
    virtual bool Fetch(FetchItem *Itm) APT_OVERRIDE;
    string GetID(string Name);
    virtual void Exit() APT_OVERRIDE;
-      
+   virtual bool Configuration(std::string Message) APT_OVERRIDE;
+
    public:
    
    CDROMMethod();
@@ -277,9 +278,14 @@ bool CDROMMethod::Fetch(FetchItem *Itm)
    return true;
 }
 									/*}}}*/
+bool CDROMMethod::Configuration(std::string Message)			/*{{{*/
+{
+   _config->CndSet("Binary::cdrom::Debug::NoDropPrivs", true);
+   return aptMethod::Configuration(Message);
+}
+									/*}}}*/
 
 int main()
 {
-   _config->CndSet("Binary::cdrom::Debug::NoDropPrivs", true);
    return CDROMMethod().Run();
 }
-- 
cgit v1.2.3